#1
[Help] Reversing VMProtect 3?
Hello,
Basically I'm initiating myself on VMProtect because someone came to me looking for help to see if I could help him reverse a program with VMProtect, yeah I know it's crazy... well, I checked on PiD and it shows VMProtect 3 detected. So, I'm not that familiar with protectors like VMProtect except for Armadillo, but that was for a project I was working on about a month ago, and I never got too deep into it either. The thing is that I need some pointers on how to work with VMProtect. I've got past the anti-debugging protections at the beginning of execution (same ol' anti-debugger techniques to detect debuggers, etc.) but I'm failing at one in particular, and it's when I get into the VM: the inline polymorphic VM handlers undo whatever I do to the virtualized P-Code, and I'm getting kinda lost here... I was reading this article -> http://lille1tv.univ-lille1.fr/telecharge.aspx?id=d5b2487e-cacc-4596-ab37-dab2b362cb9e that mainly gives a thorough explanation of what you will find inside a program protected with VMProtect. The thing is that I've tried reading it but, like I said, I'm not familiar with some of the concepts, and I don't even know if most of the concepts are up to date (the guide was written in 2015 and now the latest version is VMProtect 3), mainly because I haven't yet understood how the underlying VM really works, and just knowing that the VM is always different after each compilation makes me cringe... I will really appreciate any help anyone could bring to me to aid me in this clash of protected code vs. reversing.
The Following User Says Thank You to 0xNOP For This Useful Post: Dr.FarFar (02-26-2022)
#2
Since you have not mentioned it, I believe that you are not familiar with LCF-AT's scripts and concepts for unwrapping VMP.

See here: https://forum.tuts4you.com/topic/30733-vmprotect-ultra-unpacker-10/

You need to register on the forum (for free). I think that the scripts can still work on VMP v3 as well but definitely, the CONCEPTS etc of VM Protect can be learned very well by watching her videos. They will help you immensely in your unpacking quest!

Another EXCELLENT paper on this topic, titled "Unpacking Virtualization Obfuscators", can be found here: http://static.usenix.org/event/woot09/tech/full_papers/rolles.pdf

Good luck

Last edited by TechLord; 05-12-2016 at 16:06.